Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Send secure mail from Mail OS X 10.5 Leopard
  •  
wannes

Messages: 18
Karma: 0
Send a private message to this user
I was wondering which ports exactly are used by Mail OS X Leopard to send SSL mail because I can't send mail from outside the office.
The office firewall is setup conform the Step by Step Guide.

A search learned me a lot about some ports like 587 used by Mail OS X Leopard but my firewall tech that Mail also tries to connect to port 80 and also to the LDAP port.

But the standard LDAP port is already used by Active Directory and also the LDAPS port is used by AD, he says.

Changing the Kerio LDAPS port doesn't change anything because Mail still tries to connect over the standard LDAP port.

So is here anybody how knows exactly what to do ?

(No suggestions like 'use webmail' or something like that please)
  •  
My IT Indy

Messages: 1262
Karma: 40
Send a private message to this user
Secure mail uses port 465 by default, although it can use 25 or 587 if they set it up that way.

Actually, with Leopard mail it will cycle through those 3 ports to find any one that's open.

[Updated on: Fri, 13 March 2009 01:24]


-
My IT Indy
Kerio Certified Reseller and Hosted Provider
http://www.myitindy.com
  •  
wannes

Messages: 18
Karma: 0
Send a private message to this user
I think that is the problem and that I get blocked by the IPS on the firewall.

But even when I choose to override the port to 465, it can't send mail.

Strange thing is that it works from Mail 10.4 but not from Mail 10.5

My firewall tech says that he can see also incoming traffic on port 80 if I try to send mail, so I think Mail 10.5 is making more connections then we think.
But port 80 is completely closed inbound to our server and maybe that's why it doesn't work.

And like I said already : it works with 10.4 Mail

NOTE : in the office it does work, only from outside it doesn't so it has defenitely something to do with a port
Also note that all the ports are forwarded as described in the Step-by-step Guide
(except ldap and ldaps : in use by active directory)
So it must be that Mail uses more ports then they say

[Updated on: Fri, 13 March 2009 10:16]

  •  
My IT Indy

Messages: 1262
Karma: 40
Send a private message to this user
Are you set up as an imap account or an exchange account in Mail?

-
My IT Indy
Kerio Certified Reseller and Hosted Provider
http://www.myitindy.com
  •  
wannes

Messages: 18
Karma: 0
Send a private message to this user
As an Exchange account
  •  
My IT Indy

Messages: 1262
Karma: 40
Send a private message to this user
Try imap.

-
My IT Indy
Kerio Certified Reseller and Hosted Provider
http://www.myitindy.com
  •  
wannes

Messages: 18
Karma: 0
Send a private message to this user
I don't want to use imap, I want to figure out what is wrong and hoped that some users had experienced the same issue.
Especially because it works with an exchange account on 10.4

[Updated on: Fri, 13 March 2009 11:35]

  •  
My IT Indy

Messages: 1262
Karma: 40
Send a private message to this user
Why do you want to use Exchange vs. imap?

Just wondering.

I just tested my setup with an exchange account and it works fine.

[Updated on: Fri, 13 March 2009 12:52]


-
My IT Indy
Kerio Certified Reseller and Hosted Provider
http://www.myitindy.com
  •  
wannes

Messages: 18
Karma: 0
Send a private message to this user
It's more easy to setup delegation of other accounts because they get added directly and not one by one. Otherwise it is too much work to setup all accounts
I know I can do it with imap (and also with webmail Wink thx for the suggestion)
I've setup a lot of Kerio Mailservers with all kinds of clients.
Also 10.5 Exchange accounts of course
It has something to do with this particular firewall, that's why I want to make sure which ports Mail exactly is using in Leopard.
Firewall is a Watchguard UTM Bundle x550e

Also : we have to setup a Kerio Mailserver at a customer who has also an x550e UTM and I don't want to run in the same problem.

Some of our customers have a very strict inbound policy and I already forwarded the ports exactly as described in the Kerio sbs Guide
So it still remains a mistery

I'm not getting any further by using imap.

EDIT : for example : we don't have any problem with 'simple' firewalls with a webinterface like sonicwall tz180 and fortigate 60 and Watchguard x55e UTM
Only with x550e

So I'm thinking that Mail is really using port 80

[Updated on: Fri, 13 March 2009 13:00]

  •  
My IT Indy

Messages: 1262
Karma: 40
Send a private message to this user
Here's what I have forwarded:

tcp/http/80
udp/imaps/993
tcp/https/443
tcp/imap/143
tcp/pop3/110
tcp/smtp/25
tcp/imaps/993
tcp/smtps/465
tcp/submission/587
tcp/pop3s/995
tcp/ldaps/636
udp/smtps/465
udp/submission/587
udp/pop3s/995
udp/ldaps/636

-
My IT Indy
Kerio Certified Reseller and Hosted Provider
http://www.myitindy.com
  •  
wannes

Messages: 18
Karma: 0
Send a private message to this user
HoosierMac wrote on Fri, 13 March 2009 12:50

Why do you want to use Exchange vs. imap?

Just wondering.

I just tested my setup with an exchange account and it works fine.

Of course it works fine, only not with this firewall with the right port forwarding.
So it gets blocked somewhere.
But my IP doen't get blocked because I still can use webmail
  •  
My IT Indy

Messages: 1262
Karma: 40
Send a private message to this user
Does that firewall have any SPI features that could be stopping the traffic?

-
My IT Indy
Kerio Certified Reseller and Hosted Provider
http://www.myitindy.com
  •  
wannes

Messages: 18
Karma: 0
Send a private message to this user
HoosierMac wrote on Fri, 13 March 2009 13:01

Here's what I have forwarded:

tcp/http/80
udp/imaps/993
tcp/https/443
tcp/imap/143
tcp/pop3/110
tcp/smtp/25
tcp/imaps/993
tcp/smtps/465
tcp/submission/587
tcp/pop3s/995
tcp/ldaps/636
udp/smtps/465
udp/submission/587
udp/pop3s/995
udp/ldaps/636

80 is blocked inbound, in the lan in use by a voip server
587 isn't forwarded, also not in the documentation
(and I never configure this with clients and they can send mail SSL with exchange account 10.5 Mail. So I thing that port is not used at all)
636 in use by Active Directory - 637 override in kerio
I think I'll try the 587 port ...
  •  
wannes

Messages: 18
Karma: 0
Send a private message to this user
HoosierMac wrote on Fri, 13 March 2009 13:07

Does that firewall have any SPI features that could be stopping the traffic?

Yes it has and maybe it is blocking Mail because of packet loss or something ?

But I'm gonna forward your port list to our firewall technician.

Many thanks already for your effort.
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
HoosierMac wrote on Fri, 13 March 2009 13:01

Here's what I have forwarded:

tcp/http/80
udp/imaps/993
tcp/https/443
tcp/imap/143
tcp/pop3/110
tcp/smtp/25
tcp/imaps/993
tcp/smtps/465
tcp/submission/587
tcp/pop3s/995
tcp/ldaps/636
udp/smtps/465
udp/submission/587
udp/pop3s/995
udp/ldaps/636


WHAT???!!! UDP? All of them are TCP only. UDP is not used in any email protocol.
Previous Topic: Delete mailbox is moved from other deleted account
Next Topic: Tip - Rewriting/Proxying Kerio WebMail URL on IIS with ISAPI Rewrite
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sat Nov 18 09:31:59 CET 2017

Total time taken to generate the page: 0.00580 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.